Pipeline Scan example for using Gradle with GitHub Actions

This example YAML code shows how to add a Pipeline Scan as a build stage in a GitHub Actions build pipeline that uses Gradle.

The example includes a script that downloads and unzips pipeline-scan-LATEST.zip, to ensure you have the latest version, then runs pipeline-scan.jar using your API credentials. For improved stability, Veracode recommends that you change these scripts to use the Pipeline Scan Docker image.

name: pipeline-scan

on: push

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: build
        run: gradle clean build
  pipeline-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
      - name: Download the Pipeline Scanner
        uses: wei/curl@master
        with:
          args: -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
      - name: Unzip the Pipeline Scanner
        run: unzip pipeline-scan-LATEST.zip
      - name: Run Pipeline Scanner
        run: java -Dpipeline.debug=true -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --file "example.jar" --fail_on_severity="Very High, High"

Did you find this helpful?